
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-39711 is a vulnerability in the Linux kernel's media subsystem, specifically in the Intel Virtual Sensor Camera (IVSC) driver. It was disclosed on September 5, 2025, and affects the ACE and CSI drivers, whose remove() functions were missing mei_cldev_disable() calls (NVD).
The vulnerability stems from a missing mei_cldev_disable() call in both the ACE and CSI driver remove() functions. Without that call, the mei_cl client remains on the mei_device->file_list list even after its memory is freed by mei_cl_bus_dev_release() calling kfree(cldev->cl). The result is a use-after-free when mei_vsc_remove() executes mei_stop(): mei_stop() first removes all mei bus devices, which calls mei_ace_remove() and mei_csi_remove() followed by mei_cl_bus_dev_release(), and then calls mei_cl_all_disconnect(), which attempts to access the already freed cldev->cl (NVD).
The use-after-free can cause system crashes during shutdown, as confirmed by KASAN (Kernel Address Sanitizer) reports showing memory access violations. It occurs at system shutdown because of the platform_device_unregister(tp->pdev) call in vsc_tp_shutdown() (NVD).
The fix involves adding the missing mei_cldev_disable() calls to ensure that the mei_cl is properly removed from mei_device->file_list before it is freed. This prevents the use-after-free condition from occurring (NVD).
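The teardown ordering described above can be modeled in user space. This is an added example, not kernel code or the upstream patch: the structs and function names are simplified stand-ins for the kernel functions named in the comments, and the release step counts and unlinks a still-listed client instead of leaving a real dangling pointer.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; all names below are hypothetical stand-ins. */
struct cl  { struct cl *next; bool linked; };
struct dev { struct cl *file_list; int dangling; };

static void cl_link(struct dev *d, struct cl *c) {
    c->next = d->file_list; d->file_list = c; c->linked = true;
}
/* Models mei_cldev_disable(): take the client off the device list. */
static void cldev_disable(struct dev *d, struct cl *c) {
    for (struct cl **p = &d->file_list; *p; p = &(*p)->next)
        if (*p == c) { *p = c->next; c->linked = false; return; }
}
/* Models the ACE/CSI remove(): the flawed version skips the disable. */
static void drv_remove(struct dev *d, struct cl *c, bool fixed) {
    if (fixed) cldev_disable(d, c);
}
/* Models mei_cl_bus_dev_release() -> kfree(cldev->cl). A client that is
 * still linked here is what the kernel list would keep pointing at after
 * the free; count it, then unlink so this model stays memory-safe. */
static void bus_dev_release(struct dev *d, struct cl *c) {
    if (c->linked) { d->dangling++; cldev_disable(d, c); }
    free(c);
}
/* Models mei_cl_all_disconnect(): walks every client left on the list. */
static int all_disconnect(struct dev *d) {
    int n = 0;
    for (struct cl *c = d->file_list; c; c = c->next) n++;
    return n;
}
/* Models the mei_stop() order from the text. Returns how many freed
 * clients the final list walk would have touched, or -1 on alloc failure. */
int simulate_stop(bool fixed) {
    struct dev d = {0};
    struct cl *ace = calloc(1, sizeof *ace), *csi = calloc(1, sizeof *csi);
    if (!ace || !csi) { free(ace); free(csi); return -1; }
    cl_link(&d, ace); cl_link(&d, csi);
    drv_remove(&d, ace, fixed); drv_remove(&d, csi, fixed);
    bus_dev_release(&d, ace); bus_dev_release(&d, csi);
    all_disconnect(&d);
    return d.dangling;
}
int main(void) {
    printf("remove() without disable: %d stale clients\n", simulate_stop(false));
    printf("remove() with disable:    %d stale clients\n", simulate_stop(true));
    return 0;
}
```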
Source: This report was generated using AI